IaC Security Configuration Options

The following table shows the configuration options available for the IaC Security scanner. These options can be applied at the Account > Project > Scan levels and can be set via the web application (UI), CLI or API, as shown in the table below.

Notice

CLI flags are submitted on the scan level with the scan create command. API configs can be configured on the account or project level using the Configuration API.

Parameter: Folder/file filter

Values: Allows users to select specific folders or files to include in or exclude from the code-scanning process.

Notes:

  • Including a file type: *.java

  • Excluding a file type: !*.java

  • Use a comma (",") to chain file types, for example: *.java,*.js

  • The parameter also supports including/excluding folders.

  • Regex is not supported.

CLI: --iac-security-filter <string>

API: scan.config.kics.filter


Parameter: platforms

Values:

  • Ansible

  • AzureResourceManager

  • Buildah

  • CICD

  • CloudFormation

  • Crossplane

  • DockerCompose

  • Dockerfile

  • GoogleDeploymentManager

  • GRPC

  • Knative

  • Kubernetes

  • OpenAPI

  • Pulumi

  • ServerlessFW

  • Terraform

Notes:

Notice: Configure one or more platforms, separated by a comma. Setting this parameter means that scans (queries) run only for those platforms. For example: Ansible, CloudFormation, Dockerfile

Warning: Any mistake in the characters of a platform name will cause an error.

CLI: --iac-security-platforms <string>, <string>

API: scan.config.kics.platforms
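
A pre-flight check for the two values described above, written as an added example and not taken from the product's own code. The function names are hypothetical. It assumes platform names must match the listed spelling and case exactly, that whitespace around commas is ignored, and it uses a heuristic set of characters to spot regex-style filter entries.

```python
import difflib

# Platform names exactly as listed on this page.
PLATFORMS = (
    "Ansible", "AzureResourceManager", "Buildah", "CICD", "CloudFormation",
    "Crossplane", "DockerCompose", "Dockerfile", "GoogleDeploymentManager",
    "GRPC", "Knative", "Kubernetes", "OpenAPI", "Pulumi", "ServerlessFW",
    "Terraform",
)
_LOWER = {p.lower(): p for p in PLATFORMS}
# Heuristic (assumption): these characters suggest a regex, which the filter
# does not support; plain wildcards such as *.java are left alone.
_REGEX_HINTS = ("^", "$", "(", ")", "|", ".*")


def check_platforms(value):
    """Return (names, errors) for a comma-separated platforms value."""
    names, errors = [], []
    for raw in value.split(","):
        name = raw.strip()
        if name in PLATFORMS:
            names.append(name)
            continue
        # Assumption: names must match the listed spelling and case exactly.
        close = difflib.get_close_matches(name.lower(), list(_LOWER), n=1)
        hint = f" (did you mean {_LOWER[close[0]]}?)" if close else ""
        errors.append(f"unknown platform {name!r}{hint}")
    return names, errors


def check_filter(value):
    """Return (include, exclude, errors) for a comma-chained filter value."""
    include, exclude, errors = [], [], []
    for raw in value.split(","):
        item = raw.strip()
        negated = item.startswith("!")
        pattern = item[1:] if negated else item
        if not pattern:
            errors.append(f"empty filter entry {item!r}")
        elif any(h in pattern for h in _REGEX_HINTS):
            errors.append(f"{pattern!r} looks like a regex")
        else:
            (exclude if negated else include).append(pattern)
    return include, exclude, errors
```

Running both checks in the pipeline step that precedes scan creation surfaces a misspelled platform or a regex-style filter before the scan is submitted.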